Execution results: JS traps on exnref on the boundary (WebAssembly#7147)

kripken · web-flow · commit 52bc45fc34ec · 2024-12-12T11:34:26.000-08:00
Fixes WebAssembly#7145
diff --git a/src/tools/execution-results.h b/src/tools/execution-results.h
@@ -187,8 +187,8 @@ struct LoggingExternalInterface : public ShellExternalInterface {
     Literals arguments;
     for (const auto& param : func->getParams()) {
       // An i64 param can work from JS, but fuzz_shell provides 0, which errors
-      // on attempts to convert it to BigInt. v128 cannot work at all.
-      if (param == Type::i64 || param == Type::v128) {
+      // on attempts to convert it to BigInt. v128 and exnref are disalloewd.
+      if (param == Type::i64 || param == Type::v128 || param.isExn()) {
         throwEmptyException();
       }
       if (!param.isDefaultable()) {
@@ -200,9 +200,9 @@ struct LoggingExternalInterface : public ShellExternalInterface {
     // Error on illegal results. Note that this happens, as per JS semantics,
     // *before* the call.
     for (const auto& result : func->getResults()) {
-      // An i64 result is fine: a BigInt will be provided. But v128 still
-      // errors.
-      if (result == Type::v128) {
+      // An i64 result is fine: a BigInt will be provided. But v128 and exnref
+      // still error.
+      if (result == Type::v128 || result.isExn()) {
         throwEmptyException();
       }
     }
diff --git a/test/lit/exec/fuzzing-api.wast b/test/lit/exec/fuzzing-api.wast
@@ -218,6 +218,24 @@
   )
  )
 
+ (func $illegal-exnref (param $x exnref)
+  ;; Helper for the function below.
+  (call $log-i32
+   (i32.const 57)
+  )
+ )
+
+ ;; CHECK:      [fuzz-exec] calling ref.calling.illegal-exnref
+ ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
+ (func $ref.calling.illegal-exnref (export "ref.calling.illegal-exnref")
+  ;; As above, we throw on the exnref param, and log 1.
+  (call $log-i32
+   (call $call.ref.catch
+    (ref.func $illegal-exnref)
+   )
+  )
+ )
+
  (func $illegal-result (result v128)
   ;; Helper for the function below. The result is illegal for JS.
   (call $log-i32
@@ -324,6 +342,9 @@
 ;; CHECK:      [fuzz-exec] calling ref.calling.illegal-v128
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 
+;; CHECK:      [fuzz-exec] calling ref.calling.illegal-exnref
+;; CHECK-NEXT: [LoggingExternalInterface logging 1]
+
 ;; CHECK:      [fuzz-exec] calling ref.calling.illegal-result
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 
@@ -339,6 +360,7 @@
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.catching
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.illegal
+;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.illegal-exnref
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.illegal-result
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.illegal-v128
 ;; CHECK-NEXT: [fuzz-exec] comparing ref.calling.legal
